package com.ideaaedi.springcloud.jd.commonspring.oauth2;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * jwt-token config
 *
 * @author <font size = "20" color = "#3CAA3C"><a href="https://gitee.com/JustryDeng">JustryDeng</a></font> <img
 * src="https://gitee.com/JustryDeng/shared-files/raw/master/JustryDeng/avatar.jpg" />
 * @since 2021.0.1.A
 */
@RefreshScope
@Configuration
public class JwtTokenConfig {
    
    /**
     * JWT 公钥
     *
     * 用来对jwt加签的（pem格式的）rsa私钥 (RSA私钥加签、 RSA公钥验签。 需要对生成的jwt token进行验签的地方，需要有对应的RSA公钥)
     *
     * # 生成私钥
     * openssl genrsa -out rsa_private_key.pem 2048
     * # 生成公钥
     * openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
     *
     */
    @Value("${oauth2.jwt.ras-public-key:-----BEGIN PUBLIC KEY-----\n"
            + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17iiqjitFwh8QdzkkmLF\n"
            + "XeoKg+jQkHw4O2AL7uefMCu04u7cCTnhQgU1FvUH+vchRQT1LsFRBXkigdnX+VxA\n"
            + "/Ewd82M7m2dphrDHtc018Mx7Amu/0FB0UHg1TQPd0bE9eJl33LOjLzMJgmIqao+h\n"
            + "2oMj+IH1+nTsyyR5+a2eSrQ1vd8ImXm8kHsrrrHmA2Tt/tXU6pEg/tpkmGn8YBOL\n"
            + "ft+yZmDWSNITOntmDvuePaRPDq69VLdXu8PB/jFgsEXhDXz2xT0nVLhMwGHpX2ht\n"
            + "9nGvf/qFWw9aaxwt2bwPb0pCT5+No1OChPd+KfLZ1h9gNa5Q0kFEzs4/SN7kxvjJ\n"
            + "PwIDAQAB"
            + "-----END PUBLIC KEY-----}")
    private String oauth2JwtRasPublicKey;
    
    /** JWT 私钥 */
    @Value("${oauth2.jwt.ras-private-key:-----BEGIN RSA PRIVATE KEY-----\n"
            + "MIIEogIBAAKCAQEA17iiqjitFwh8QdzkkmLFXeoKg+jQkHw4O2AL7uefMCu04u7c\n"
            + "CTnhQgU1FvUH+vchRQT1LsFRBXkigdnX+VxA/Ewd82M7m2dphrDHtc018Mx7Amu/\n"
            + "0FB0UHg1TQPd0bE9eJl33LOjLzMJgmIqao+h2oMj+IH1+nTsyyR5+a2eSrQ1vd8I\n"
            + "mXm8kHsrrrHmA2Tt/tXU6pEg/tpkmGn8YBOLft+yZmDWSNITOntmDvuePaRPDq69\n"
            + "VLdXu8PB/jFgsEXhDXz2xT0nVLhMwGHpX2ht9nGvf/qFWw9aaxwt2bwPb0pCT5+N\n"
            + "o1OChPd+KfLZ1h9gNa5Q0kFEzs4/SN7kxvjJPwIDAQABAoIBAHeLTCmEqvcerq1Z\n"
            + "Ghm9Pp6iuh0Lgbjv/cF5omNMXD03m1A/ChTazGfnttn4A+oh1YAIFU9JtfqQfHz1\n"
            + "GeiIJUMrc1WTYk7maeZIRQQMqp2801YuG+f3Dd4iH3eEcwJndCdG9NOLgR0A7X4h\n"
            + "pFvVKN6M2fw3GPcooKiamDWy7wt5+cEPtMPnqHKLU6ir+SX3quCzn2sPmAQzLAdD\n"
            + "TGl2LkT/eNi6VM0EZEzzWmJ6PvlAbHLUCQXHgv1IJ3AK34iqx8pzh3QsJu7ywZwX\n"
            + "wdikGa54TPoInoC8eGaWYtPjWxFf5DArpZNAtnb1pFfU3KBTjNud944wWxsQ8NNy\n"
            + "ipE1jBECgYEA9BD3mnfvrLetwlNESANII2TrE2cHkIdV4r5Sr1x1aKdNjteJ34uk\n"
            + "st3Vug+BGc+xbpwGAdf8lhbpXXxccSJgbmp9bN9eq+wzvDkiOtIzp1r/3L9ZnkGd\n"
            + "Q9as60yOYPwJRFW84V3EMfZ8ikJeSeJCb6q4M4QP3HdoOn6aOu8htC0CgYEA4kTd\n"
            + "6lzUypHEBWPyH2dQ4F2PrxjwBM1vRkWiCdyI5IzXPzO/B33bKdnLePOPxDJnglKn\n"
            + "aIJvcO3Xx4rEfJrdK1JoD0OittKBqBDDGdioSj9YMpJ2IGWfaxolSyKSBadEgWiR\n"
            + "TYdk3lbg091Al937cE1ObaIL9Hn+cZfm0KRIupsCgYA9NZQjVTjypA4b0i4psUkC\n"
            + "N2kNMKWhBY/wkbLC7/kyCeNVk5CsU6U2hpP3WbQS+ReSmeaXx8c9DPnxzCKS7QAq\n"
            + "MOLLzyk7DL3c0qdXASibLCNHBWZAXkxGmyw6xrRedlcMoEQCcTWnIh4RvptPBEON\n"
            + "Jc+Ue+ZOcFPfd6jOZvKY8QKBgDVTD42NBSUcRzsR+9zEx32o7xTP5rjrBV9lR7PV\n"
            + "QnnCa3PcqReF5KGvT1GY7PfK/TPscMGjg8n0c5b2MCpBgQAVsqpuQSme4KmQEbrE\n"
            + "oZyl4w5AEBDAglqGVeWoJwuoCPAKibvgvbfcd63WhcOEsB4eSe5ycyjRm1J//wiK\n"
            + "vw0jAoGAOnKbk+OVkZzaAV7KuSd3uKFdj7jRFnRyNM+eBot5MQCt5zcD08LL2Nw5\n"
            + "Q5g5TszC6qB9kTxFjVyrd1ca4Or5o3fMe7fjfqKrVUMLXtVHZtdD1poES9V35ouR\n"
            + "L71V+t0c7p1BPkVaoQ5cxeoRzdPz8nx+ACAzeSYrJiAcKl3KGhc=\n"
            + "-----END RSA PRIVATE KEY-----}")
    private String oauth2JwtRasPrivateKey;
    
    /**
     * token存储与加载的实现
     */
    @Bean
    @SuppressWarnings("deprecation")
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenEnhancerAndConverter());
    }
    
    /**
     * jwt token 增强器 & 转换器
     */
    @Bean
    @SuppressWarnings("deprecation")
    public JwtAccessTokenConverter jwtAccessTokenEnhancerAndConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        String rasPublicKey = oauth2JwtRasPublicKey;
        String rasPrivateKey = oauth2JwtRasPrivateKey;
        converter.setVerifierKey(rasPublicKey);
        converter.setSigningKey(rasPrivateKey);
        return converter;
    }
    
}
